committed current state (new functions, may not work yet)
36
roles/system/tasks/ssh-hardening.yaml
Normal file
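--- /dev/null
+++ b/roles/system/tasks/ssh-hardening.yaml
@@ -0,0 +1,36 @@
+- name: Public‑Keys von URL holen
+  ansible.builtin.uri:
+    url: "{{ ssh_pub_key_url }}"
+    return_content: yes
+  delegate_to: localhost
+  register: fetched_keys
+
+- name: Liste der einzelnen Keys erstellen
+  ansible.builtin.set_fact:
+    key_list: "{{ fetched_keys.content.splitlines() }}"
+
+- name: authorized_keys anlegen (falls nicht vorhanden)
+  ansible.builtin.file:
+    path: "/root/.ssh/authorized_keys"
+    state: touch
+    owner: "root"
+    group: "root"
+    mode: "0600"
+
+- name: Jeden Key einzeln mit authorized_key hinzufügen
+  ansible.builtin.authorized_key:
+    user: "root"
+    key: "{{ item | trim }}"
+    state: present
+  loop: "{{ key_list }}"
+  when: item | trim != ""
+
+- name: Harden SSH configuration
+  ansible.builtin.template:
+    src: sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: '0644'
+  notify:
+    - Restart SSH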
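Review bot: The `Harden SSH configuration` task replaces /etc/ssh/sshd_config and notifies a restart without checking the rendered template, so a syntax error in sshd_config.j2 restarts sshd into a failed state and locks out remote access on every targeted host; add `validate: /usr/sbin/sshd -t -f %s` to the template task so a bad render aborts before the file is written. The `authorized_keys anlegen` task is redundant and brittle: `ansible.builtin.authorized_key` already creates the `.ssh` directory and the file with restrictive permissions, while `state: touch` reports changed on every run and fails if /root/.ssh does not exist yet. Because `state: present` only adds entries, keys later removed from the source behind `ssh_pub_key_url` remain valid on all hosts; if that URL is meant to be authoritative, consider `exclusive: true` with the keys joined into a single value, and document in the role that whoever controls that URL controls root login. Minor: `return_content: yes` should be `return_content: true`, and the file mixes `"0600"` with `'0644'` quoting and German with English task names. The `Restart SSH` handler is defined outside this file.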